From 4209f27f1acabfccff0c2dea08f8e151ed82144f Mon Sep 17 00:00:00 2001 From: Dan Brown Date: Tue, 9 Aug 2022 12:40:59 +0100 Subject: [PATCH] Set a fairly sensible limit on user name validation Also updated controller properties with types within modified files. Related to #3614 --- app/Http/Controllers/Api/UserApiController.php | 4 ++-- app/Http/Controllers/Auth/RegisterController.php | 8 ++++---- app/Http/Controllers/UserController.php | 8 ++++---- 3 files changed, 10 insertions(+), 10 deletions(-) diff --git a/app/Http/Controllers/Api/UserApiController.php b/app/Http/Controllers/Api/UserApiController.php index 03d2a0f06..64e9d732d 100644 --- a/app/Http/Controllers/Api/UserApiController.php +++ b/app/Http/Controllers/Api/UserApiController.php @@ -36,7 +36,7 @@ class UserApiController extends ApiController { return [ 'create' => [ - 'name' => ['required', 'min:2'], + 'name' => ['required', 'min:2', 'max:100'], 'email' => [ 'required', 'min:2', 'email', new Unique('users', 'email'), ], @@ -48,7 +48,7 @@ class UserApiController extends ApiController 'send_invite' => ['boolean'], ], 'update' => [ - 'name' => ['min:2'], + 'name' => ['min:2', 'max:100'], 'email' => [ 'min:2', 'email', diff --git a/app/Http/Controllers/Auth/RegisterController.php b/app/Http/Controllers/Auth/RegisterController.php index 9399e8b7f..b0aec1177 100644 --- a/app/Http/Controllers/Auth/RegisterController.php +++ b/app/Http/Controllers/Auth/RegisterController.php @@ -30,9 +30,9 @@ class RegisterController extends Controller use RegistersUsers; - protected $socialAuthService; - protected $registrationService; - protected $loginService; + protected SocialAuthService $socialAuthService; + protected RegistrationService $registrationService; + protected LoginService $loginService; /** * Where to redirect users after login / registration. @@ -69,7 +69,7 @@ class RegisterController extends Controller protected function validator(array $data) { return Validator::make($data, [ - 'name' => ['required', 'min:2', 'max:255'], + 'name' => ['required', 'min:2', 'max:100'], 'email' => ['required', 'email', 'max:255', 'unique:users'], 'password' => ['required', Password::default()], ]); diff --git a/app/Http/Controllers/UserController.php b/app/Http/Controllers/UserController.php index 88d44565c..895481d02 100644 --- a/app/Http/Controllers/UserController.php +++ b/app/Http/Controllers/UserController.php @@ -18,8 +18,8 @@ use Illuminate\Validation\ValidationException; class UserController extends Controller { - protected $userRepo; - protected $imageRepo; + protected UserRepo $userRepo; + protected ImageRepo $imageRepo; /** * UserController constructor. @@ -81,7 +81,7 @@ class UserController extends Controller $passwordRequired = ($authMethod === 'standard' && !$sendInvite); $validationRules = [ - 'name' => ['required'], + 'name' => ['required', 'max:100'], 'email' => ['required', 'email', 'unique:users,email'], 'language' => ['string', 'max:15', 'alpha_dash'], 'roles' => ['array'], @@ -139,7 +139,7 @@ class UserController extends Controller $this->checkPermissionOrCurrentUser('users-manage', $id); $validated = $this->validate($request, [ - 'name' => ['min:2'], + 'name' => ['min:2', 'max:100'], 'email' => ['min:2', 'email', 'unique:users,email,' . $id], 'password' => ['required_with:password_confirm', Password::default()], 'password-confirm' => ['same:password', 'required_with:password'],